<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta content="text/html;charset=ISO-8859-1" http-equiv="Content-Type">
</head>
<body bgcolor="#ffffff" text="#000000">
<br>
<br>
Furnish, Trever G wrote:
<blockquote
cite="mid:57573D714A832C43B9D80EAFBDA48D030A03EC28@inex3.herffjones.hj-int"
type="cite">
<blockquote type="cite">
<pre wrap="">-----Original Message-----
From: <a class="moz-txt-link-abbreviated" href="mailto:mailscanner-bounces@lists.mailscanner.info">mailscanner-bounces@lists.mailscanner.info</a>
[<a class="moz-txt-link-freetext" href="mailto:mailscanner-bounces@lists.mailscanner.info">mailto:mailscanner-bounces@lists.mailscanner.info</a>] On Behalf
Of Julian Field
Sent: Sunday, April 06, 2008 11:09 AM
To: MailScanner discussion
Subject: Re: detect executables embedded inside MS Office documents?
Ignore all previous requests for information. I've got enough
of it, pretty much.
The only thing I cannot handle is inserted OLE "Packages"
that contain multiple files. If someone fancies creating one
of those and sending it to me, I'll improve the Package
parser to cope with it.
But it now works with files inserted into Microsoft Office
documents just fine.
This will be in the next release.
I guess it's a fairly major new feature, the ability to
extract embedded files from Microsoft Office documents.
:-)
I think I'm going to have a rest now...
Jules.
</pre>
</blockquote>
<pre wrap=""><!---->
Wow! I didn't really expect much response on that request! Thank you
very much! I look forward to testing, although I'll admit I'm also
hoping the method itself never takes off in the malware world.
</pre>
</blockquote>
No problem, I thought it was a nice idea. Fortunately Microsoft have
actually published the spec of the Office documents, so it's now
possible for people to write parsers without having to reverse engineer
everything. I still had to reverse engineer the "Microsoft Packager"
format by hand, as files are embedded in a Microsoft Package before
being put into the Office document.<br>
<br>
I have already released a beta with the code in it, so you can test it
now.<br>
<br>
If you want to show your gratitude, please feel free to make a donation
or buy me some stuff from my amazon.co.uk wishlist. Full directions are
on the website.<br>
<br>
Cheers,<br>
<pre class="moz-signature" cols="72">Jules
--
Julian Field MEng CITP CEng
<a class="moz-txt-link-abbreviated" href="http://www.MailScanner.info">www.MailScanner.info</a>
Buy the MailScanner book at <a class="moz-txt-link-abbreviated" href="http://www.MailScanner.info/store">www.MailScanner.info/store</a>
Need help customising MailScanner?
Contact me!
Need help fixing or optimising your systems?
Contact me!
Need help getting you started solving new requirements from your boss?
Contact me!
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
</pre>
</body>
<br />--
<br />This message has been scanned for viruses and
<br />dangerous content by
<a href="http://www.mailscanner.info/"><b>MailScanner</b></a>, and is
<br />believed to be clean.
</html>